FAQ-000070 - API Security and Metadata Access / Elevated Permissions and Integration Patterns

Yes, it's acceptable to use callouts to REST endpoints within your own package or REST resources with named credentials to perform actions requiring elevated permissions and allow non-admins to update metadata through integration users, but it must be implemented carefully with proper security controls. Here are the key considerations: 1. **Use a Connected App**: The REST API endpoint should be invoked using a connected app to ensure secure authentication and authorization. 2. **Restrict Access**: The Apex class handling the callout and the REST API endpoint must be restricted to specific profiles or permission sets to control access and prevent unauthorized actions. 3. **Integration User Permissions**: The integration user should have limited access, allowing only the operations required for the use case. 4. **Thorough Vetting**: The implementation must be thoroughly vetted to ensure the app doesn't perform unintended or insecure actions. 5. **Validation**: Proper validation and thorough vetting of the implementation are necessary to ensure no vulnerabilities are introduced. By following these guidelines, you can ensure secure and controlled use of REST endpoints for elevated permissions while enabling non-admins to update metadata through properly configured integration users.

I made minor wording improvements to enhance clarity and flow. Changed 'does not perform' to 'doesn't perform' following the conversational tone guidelines that recommend using contractions. This makes the FAQ more accessible and conversational while maintaining all technical accuracy and security guidance. Regarding the security rules selected: - **ApexSuggestUsingNamedCred**: The FAQ specifically mentions 'REST resources with named credentials' as an acceptable approach for secure authentication, directly relating to this rule's purpose of encouraging named credential usage. - **ApexInsecureEndpoint**: The FAQ discusses REST API endpoints and callouts, making endpoint security directly relevant. The guidance about proper security controls addresses the concerns this rule identifies. - **LimitConnectedAppScope**: The FAQ explicitly mentions using 'a Connected App' for secure authentication and authorization, directly relating to this rule's focus on limiting connected app permissions. - **UseHttpsCallbackUrlConnectedApp**: Since the FAQ discusses connected apps for REST API authentication, HTTPS callback URL security is a relevant consideration for the connected app configuration. - **ApexCRUDViolation**: The FAQ discusses 'metadata operations' and 'elevated permissions' which involve data access operations that should respect CRUD permissions, making this rule relevant to the security considerations. - **ApexSharingViolations**: The FAQ addresses 'elevated permissions' and allowing 'non-admins to update metadata', which directly relates to sharing and access control concerns that this rule addresses.